[HamWAN PSDR] 44.x.x.x HamWAN network at Paine

Dean Gibson AE7Q hamwan at ae7q.com
Thu May 1 19:28:07 PDT 2014


On 2014-05-01 10:53, Bob wrote:
> 4. ...I was told by ICOM, a few years ago, that the ID-1s could not be meshed.  If the firmware could be reprogrammed to be compatible with Broadband-Hamnet, many of us may be willing to take the ID-1 off the shelf and get them on the air.
> 5. There are groups that have established links using ID-1s back to back ...

The most important thing to remember about two ID-1 radios communicating 
in DD-modes, is that they are *"a long Ethernet cable over RF."*  That is 
all they are.  If you have more than two ID-1 radios communicating in 
DD-mode, it is just like very long Ethernet cables connected to a common 
Ethernet hub.  Note that I said an Ethernet "hub" rather than an 
Ethernet "switch".  The distinction, while minor, is more appropriate 
considering "collisions".

Further, the ID-1 radio is just about as stupid as a piece of Ethernet 
cable.  So long as it encounters a properly formed *Ethernet* packet 
(not necessarily a TCP/IP packet), it will send it, and on reception, 
reproduce it, whether or not the packet contained garbage.  This has two 
ramifications:

Ramification #1:  The architecture of your network is completely 
flexible, just like it is on the Internet.  You can do anything you 
want.  Caveat:  you have to do it yourself with external equipment; the 
ID-1 will not do it for you.  So, for any "use case" you want, you 
*must* (not should) design your network with just wires (eg, very long 
Ethernet cables).  Then, when you are done, you "remove" the cable and 
replace it with two ID-1 radios.  Just like the Ethernet cable in real 
life, there are certain limitations with the ID-1:

 1. Line of sight; and
 2. speed.

So, what are the advantages of the ID-1 over wire?

 1. Distance to the next hop; and
 2. frequency agility (move away from competing traffic).  Since the
    ID-1 can be remotely controlled, we are going to be experimenting
    with this capability to increase the utility of the ID-1 in DD-mode.

In my opinion, asking the ID-1 to have /"firmware ... reprogrammed to be 
compatible with Broadband-Hamnet"/ is missing both the point and 
flexibility of the ID-1.  Rather than have the software in the ID-1, you 
can have it in the adjoining box.  What adjoining box?  Well, what are 
you trying to do?

Consider the "Universal Digital Radio" (UDRX-440) from "NW Digital 
Radio".  Some buyers want it to be a complete "appliance" solution (eg, 
gateway, server, etc), and some just want it to be a "raw" radio.  Well, 
with the ID-1 you don't get a choice:  it's the raw radio.  These days, 
little network devices (eg, Raspberry Pi) can be had for the price of an 
Icom programming cable (grin), and they can provide almost all the 
flexibility you need.

Ramification #2:  There is no privacy or security.  I'm not talking 
about *data* privacy/security;  amateurs already know that's part of 
amateur radio.  I'm talking about *network* security.  Just like the 
ten-mile fictional Ethernet cable you can run from your house to your 
friend's house, someone can "cut" into the cable at any point, and not 
only see what you are transferring, but also can add a fictional "hub" 
and access your entire network (unless protected; see below), just like 
anyone else in your house or local LAN.  That includes files on your 
local computers, unless you have taken precautions.  The Icom ID-1 
manual rightly gives a strong warning about this in several places.

Which brings me to configuration.  In my opinion, the best way to set up 
an ID-1, is you keep your old "outdated" 10Mbps Ethernet routers (eg, 
Linksys BEFSR41 routers that were commonly issued by Verizon for DSL).  
You connect the LAN side to your home network, and the WAN side to the 
ID-1.  This keeps the local LAN traffic off the air, and also provides 
network security via the built-in firewall in the router.

OK, so you and your friend Joe each have your ID-1 radios set up this 
way, so what can you do?  Answer: *nothing*.  You have to have a network 
service available on one or both of the local LANs that you want to 
*share* (and to the entire world), and so you "punch" a hole in your 
firewall device, to forward network traffic to your server.  Your server 
better have all the security you need, or you are going to be in 
trouble, and I don't mean with the FCC ...

If you think that the proper network and security design is too much 
work, then you should probably sell your ID-1, or just use it in voice 
(FM or DV) mode.  I don't mean to be snippy, mean, or superior.  These 
are exactly the issues that *anyone* running a proper service on the 
Internet has to face.  The fact that it might be on a somewhat obscure 
portion of the Internet doesn't really provide any security.  Even if 
you trust the amateurs you grant access to, doesn't mean that they have 
taken the proper security precautions in their home network's access to 
their regular Internet ISP.  Some amateurs (not you; your friends ...) 
have a real capacity to think they know more than they do ...

OK, OK, it sounds like a lecture.  Sorry; I used to teach basic 
networking at the UW in Bothell.  I'll end with this true story:

Years ago, I found someone's mail server being used as an "open relay" 
(a common default configuration some twenty years ago) by some spammer.  
For some reason, I felt led to contact the administrator of the abused 
server, and he replied with much thanks.  He told me that he had just 
installed Linux on a brand new server, using an IP address that had not 
been used before, and then went to breakfast before completing the 
server configuration.  When he came back (about an hour later), his 
server had been discovered and was being used to send spam.

"Obscurity is no security"

-- Dean
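
The router-between-LAN-and-ID-1 layout described in the message above, written as an nftables ruleset for a small Linux box (such as the Raspberry Pi the message mentions) in place of the Linksys router; this is an added example, not part of the original post. The interface names, the server address 192.168.1.10 and TCP port 80 are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names (not from the post):
#   eth0 = home LAN side, eth1 = Ethernet cable to the ID-1 (the "WAN" side),
#   192.168.1.10 = the single server being shared, TCP 80 = its service.
# Routing must be enabled separately: sysctl net.ipv4.ip_forward=1

flush ruleset

define LAN_IF   = "eth0"
define RF_IF    = "eth1"
define SERVER   = 192.168.1.10
define SVC_PORT = 80

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # Manage the box from the home LAN only; nothing arriving
        # over RF may open a connection to the box itself.
        iifname $LAN_IF accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # LAN hosts may open connections outward over the RF link.
        iifname $LAN_IF oifname $RF_IF accept
        # The one "hole": the RF side reaches only the shared service.
        iifname $RF_IF oifname $LAN_IF ip daddr $SERVER tcp dport $SVC_PORT ct state new accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # Port-forward the shared service from the RF side to the server.
        iifname $RF_IF tcp dport $SVC_PORT dnat to $SERVER
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Hide LAN addresses behind the RF-side address.
        oifname $RF_IF masquerade
    }
}
```

Because the box routes rather than bridges, LAN broadcast traffic never reaches eth1 and so stays off the air; everything from the RF side other than the one forwarded port is dropped by the default policies.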